Monday, 12 March 2012

Running multiple SSIDs on a Cisco AP in real life

Trying to run multiple SSIDs mapped to different VLANs on my Cisco 1242 Wireless Access Point, I was bored of finding only bad or mismatched configurations on the Internet. So here is a working one I built myself. FYI, the Fast Ethernet interface is connected to an 802.1Q switch port that allows VLANs 20 (VENUS), 30 (EARTH) and 40 (MARS) to be forwarded. The Access Point here doesn't give IP addresses to the wireless clients: you need a DHCP server on each VLAN.

Cisco 1242 AP and a Wireless controller

! Access point name :

hostname APTEST

!

! Admin password :

enable secret 0 Cisco

!

! No local database for authentication

no aaa new-model

!

! SSID used by WiFi Clients

dot11 ssid VENUS

!

! matching VLAN

vlan 20

!

! Open 802.11 authentication: any client may associate, WPA2-PSK (below) then protects the SSID

authentication open

!

! Enable WPA version 2 key management

authentication key-management wpa version 2

!

! Broadcast this SSID alongside the other ones

mbssid guest-mode

!

! Pre-shared key to enter in the Wi-Fi client configuration

wpa-psk ascii 0 VENUS_PASSWORD

!

! SSID VENUS runs alongside two other SSIDs: EARTH and MARS

dot11 ssid EARTH

vlan 30

authentication open

authentication key-management wpa version 2

mbssid guest-mode

wpa-psk ascii 0 EARTH_PASSWORD

!

dot11 ssid MARS

vlan 40

authentication open

authentication key-management wpa version 2

mbssid guest-mode

wpa-psk ascii 0 MARS_PASSWORD

!

! Allow Power over Ethernet when the Access Point is plugged into a PoE Ethernet switch (no need for an external power supply)
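
An added example, not part of the original post: a small Python check that every `dot11 ssid` block in a configuration written like the one above maps to its own VLAN carried on the trunk, enables WPA2 key management and has a pre-shared key of valid length. The sample configuration, the function names and the finding labels are constructed for illustration.

```python
import re

# Constructed sample in the flat, comment-interleaved style of this page's config.
# EARTH and GUEST are deliberately broken; all names here are illustrative.
SAMPLE = """\
dot11 ssid VENUS
! matching VLAN
vlan 20
authentication open
authentication key-management wpa version 2
wpa-psk ascii 0 VENUS_PASSWORD
dot11 ssid EARTH
vlan 30
authentication key-management wpa version 2
wpa-psk ascii 0 short
dot11 ssid GUEST
vlan 30
authentication open
interface Dot11Radio0
"""
SUBCMDS = ("vlan ", "authentication ", "mbssid ", "wpa-psk ")

def parse_ssids(config):
    """Map each SSID to its sub-commands; '!' lines are skipped, other commands end the block."""
    ssids, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"dot11 ssid (\S+)", line)
        if m:
            current = ssids.setdefault(m.group(1), [])
        elif current is not None and line.startswith(SUBCMDS):
            current.append(line)
        elif line and not line.startswith("!"):
            current = None
    return ssids

def audit(config, trunk_vlans):
    """Return (ssid, finding) pairs: VLAN not on trunk or reused, no WPA2, bad PSK length."""
    findings, owner = [], {}
    for ssid, cmds in parse_ssids(config).items():
        vlan = next((int(c.split()[1]) for c in cmds if c.startswith("vlan ")), None)
        if vlan not in trunk_vlans:  # also true when the vlan line is missing
            findings.append((ssid, "vlan-not-on-trunk"))
        elif owner.setdefault(vlan, ssid) != ssid:
            findings.append((ssid, "vlan-shared-with-" + owner[vlan]))
        if "authentication key-management wpa version 2" not in cmds:
            findings.append((ssid, "no-wpa2"))
        m = re.search(r"^wpa-psk ascii (?:0 )?(\S+)$", "\n".join(cmds), re.M)
        if m and not 8 <= len(m.group(1)) <= 63:  # WPA2 ASCII passphrase: 8-63 characters
            findings.append((ssid, "psk-length"))
    return findings
```

Calling `audit(SAMPLE, {20, 30, 40})` reports the short key on EARTH and, for GUEST, both the VLAN it shares with EARTH and the missing WPA2 line; keys stored in encrypted (type 7) form are not length-checked.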